Netgear UTM50-100NAS User Manual
ProSecure Unified Threat Management (UTM) Appliance Reference Manual
Virtual Private Networking Using SSL Connections
8-25
v1.0, January 2010
3. In the Add New Host Name for Port Forwarding section of the screen, specify information in
the following fields:
•
Local Server IP Address. The IP address of an internal server or host computer that you
want to name.
want to name.
•
Fully Qualified Domain Name. The full server name.
4. Click the Add table button. The new application entry is added to the List of Configured Host
Names for Port Forwarding table.
To delete a name from the List of Configured Host Names for Port Forwarding table, select the
checkbox to the left of the name that you want to delete, and then click the Delete table button in
the Action column.
checkbox to the left of the name that you want to delete, and then click the Delete table button in
the Action column.
Configuring the SSL VPN Client
The SSL VPN client on the UTM assigns IP addresses to remote VPN tunnel clients. Because the
VPN tunnel connection is a point-to-point connection, you can assign IP addresses from the local
subnet to the remote VPN tunnel clients.
VPN tunnel connection is a point-to-point connection, you can assign IP addresses from the local
subnet to the remote VPN tunnel clients.
The following are some additional considerations:
•
So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with
addresses on the local network, configure an IP address range that does not directly overlap
with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are
currently assigned to devices on the local network, then start the client address range at
192.168.1.101 or choose an entirely different subnet altogether.
addresses on the local network, configure an IP address range that does not directly overlap
with addresses on your local network. For example, if 192.168.1.1 through 192.168.1.100 are
currently assigned to devices on the local network, then start the client address range at
192.168.1.101 or choose an entirely different subnet altogether.
•
The VPN tunnel client cannot contact a server on the local network if the VPN tunnel client’s
Ethernet interface shares the same IP address as the server or the UTM (for example, if your
PC has a network interface IP address of 10.0.0.45, then you cannot contact a server on the
remote network that also has the IP address 10.0.0.45).
Ethernet interface shares the same IP address as the server or the UTM (for example, if your
PC has a network interface IP address of 10.0.0.45, then you cannot contact a server on the
remote network that also has the IP address 10.0.0.45).
•
Select whether you want to enable full tunnel or split tunnel support based on your bandwidth:
–
A full tunnel sends all of the client’s traffic across the VPN tunnel.
–
A split tunnel sends only traffic that is destined for the local network based on the
specified client routes. All other traffic is sent to the Internet. A split tunnel allows you to
manage bandwidth by reserving the VPN tunnel for local traffic only.
specified client routes. All other traffic is sent to the Internet. A split tunnel allows you to
manage bandwidth by reserving the VPN tunnel for local traffic only.
Note: If the server or host computer that you want to name does not appear in the
List of Configured Applications for Port Forwarding table, you must add it
before you can rename it.
before you can rename it.